Hi forum,
I wanted to ask whether you also see a similar number of attacks on your (v)servers ... I'm therefore considering introducing public-key authentication (ssh).
2010 Jun 01 07:13:43
Received From: vXXXXXX ...->/var/log/auth.log
Rule: 5703 fired (level 10) -> "Possible breakin attempt (high number of reverse lookup errors)."
Portion of the log(s):
Jun 1 07:13:42 vXXXXXX ... sshd[18694]: reverse mapping checking getaddrinfo for y103.net141.okay.pl [85.28.141.103] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun 1 07:13:39 vXXXXXX ... sshd[18650]: reverse mapping checking getaddrinfo for y103.net141.okay.pl [85.28.141.103] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun 1 07:13:37 vXXXXXX ... sshd[18607]: reverse mapping checking getaddrinfo for y103.net141.okay.pl [85.28.141.103] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun 1 07:13:35 vXXXXXX ... sshd[18569]: reverse mapping checking getaddrinfo for y103.net141.okay.pl [85.28.141.103] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun 1 07:13:32 vXXXXXX ... sshd[18528]: reverse mapping checking getaddrinfo for y103.net141.okay.pl [85.28.141.103] failed - POSSIBLE BREAK-IN ATTEMPT!
--END OF NOTIFICATION
2010 Jun 01 07:13:47
Received From: vXXXXXX ...->/var/log/auth.log
Rule: 5719 fired (level 10) -> "Multiple access attempts using a denied user."
Portion of the log(s):
Jun 1 07:13:47 vXXXXXX ... sshd[18801]: User root from 85.28.141.103 not allowed because none of user's groups are listed in AllowGroups
Jun 1 07:13:44 vXXXXXX ... sshd[18750]: User root from 85.28.141.103 not allowed because none of user's groups are listed in AllowGroups
Jun 1 07:13:42 vXXXXXX ... sshd[18694]: User root from 85.28.141.103 not allowed because none of user's groups are listed in AllowGroups
Jun 1 07:13:39 vXXXXXX ... sshd[18650]: User root from 85.28.141.103 not allowed because none of user's groups are listed in AllowGroups
Jun 1 07:13:37 vXXXXXX ... sshd[18607]: User root from 85.28.141.103 not allowed because none of user's groups are listed in AllowGroups
Jun 1 07:13:35 vXXXXXX ... sshd[18569]: User root from 85.28.141.103 not allowed because none of user's groups are listed in AllowGroups
Jun 1 07:13:32 vXXXXXX ... sshd[18528]: User root from 85.28.141.103 not allowed because none of user's groups are listed in AllowGroups
--END OF NOTIFICATION
2010 May 31 23:28:40
Received From: vXXXXXX ...->/var/log/auth.log
Rule: 5712 fired (level 10) -> "SSHD brute force trying to get access to the system."
Portion of the log(s):
May 31 23:28:39 vXXXXXX ... sshd[9987]: Failed password for invalid user alias from 74.95.79.97 port 45351 ssh2
May 31 23:28:37 vXXXXXX ... sshd[9987]: Invalid user alias from 74.95.79.97
May 31 23:28:36 vXXXXXX ... sshd[9955]: Failed password for invalid user recruit from 74.95.79.97 port 45248 ssh2
May 31 23:28:34 vXXXXXX ... sshd[9955]: Invalid user recruit from 74.95.79.97
May 31 23:28:33 vXXXXXX ... sshd[9918]: Failed password for invalid user sales from 74.95.79.97 port 45141 ssh2
May 31 23:28:31 vXXXXXX ... sshd[9918]: Invalid user sales from 74.95.79.97
May 31 23:28:30 vXXXXXX ... sshd[9884]: Failed password for invalid user staff from 74.95.79.97 port 45036 ssh2
--END OF NOTIFICATION
2010 May 31 22:37:40
Received From: vXXXXXX ...->/var/log/auth.log
Rule: 5712 fired (level 10) -> "SSHD brute force trying to get access to the system."
Portion of the log(s):
May 31 22:37:39 vXXXXXX ... sshd[9641]: Failed password for invalid user web from 85.28.141.103 port 59700 ssh2
May 31 22:37:38 vXXXXXX ... sshd[9641]: Invalid user web from 85.28.141.103
May 31 22:37:37 vXXXXXX ... sshd[9627]: Failed password for invalid user web from 85.28.141.103 port 59568 ssh2
May 31 22:37:36 vXXXXXX ... sshd[9627]: Invalid user web from 85.28.141.103
May 31 22:37:35 vXXXXXX ... sshd[9607]: Failed password for invalid user web from 85.28.141.103 port 59417 ssh2
May 31 22:37:33 vXXXXXX ... sshd[9607]: Invalid user web from 85.28.141.103
May 31 22:37:32 vXXXXXX ... sshd[9587]: Failed password for invalid user web from 85.28.141.103 port 59282 ssh2
--END OF NOTIFICATION
2010 May 31 21:53:17
Received From: vXXXXXX ...->/var/log/auth.log
Rule: 5551 fired (level 10) -> "Multiple failed logins in a small period of time."
Portion of the log(s):
May 31 21:53:16 vXXXXXX ... sshd[18378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.78.77.25 user=root
May 31 21:53:11 vXXXXXX ... sshd[18348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.78.77.25 user=root
May 31 21:53:06 vXXXXXX ... sshd[18222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.78.77.25 user=root
May 31 21:53:02 vXXXXXX ... sshd[17923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.78.77.25 user=root
May 31 21:52:57 vXXXXXX ... sshd[17885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.78.77.25 user=root
May 31 21:52:53 vXXXXXX ... sshd[17848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.78.77.25 user=root
May 31 21:52:48 vXXXXXX ... sshd[17809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.78.77.25 user=root
--END OF NOTIFICATION
2010 May 31 20:44:56
Received From: vXXXXXX ...->/var/log/auth.log
Rule: 5712 fired (level 10) -> "SSHD brute force trying to get access to the system."
Portion of the log(s):
May 31 20:44:56 vXXXXXX ... sshd[7959]: Failed password for invalid user ts from 165.246.41.44 port 35123 ssh2
May 31 20:44:54 vXXXXXX ... sshd[7959]: Invalid user ts from 165.246.41.44
May 31 20:44:51 vXXXXXX ... sshd[7915]: Failed password for invalid user ts from 165.246.41.44 port 34820 ssh2
May 31 20:44:50 vXXXXXX ... sshd[7915]: Invalid user ts from 165.246.41.44
May 31 20:44:47 vXXXXXX ... sshd[7873]: Failed password for invalid user ts from 165.246.41.44 port 34504 ssh2
May 31 20:44:46 vXXXXXX ... sshd[7873]: Invalid user ts from 165.246.41.44
May 31 20:44:43 vXXXXXX ... sshd[7822]: Failed password for invalid user ts from 165.246.41.44 port 34162 ssh2
--END OF NOTIFICATION
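A small parser that reproduces what the OSSEC rules in the quoted alerts are doing (counting sshd failure events per source host inside a short window), as an added example that is not part of the original post and not OSSEC's own rule engine. The sample lines are copied from the alerts above, plus two constructed lines from the documentation address 192.0.2.10; the year 2010 and the threshold of 5 events in 60 seconds are assumptions, since the syslog lines carry no year and OSSEC's real thresholds are not shown on the page.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: syslog lines carry no year, so we pin them to the year of the post.
LOG_YEAR = 2010

# "May 31 23:28:39 host ... sshd[pid]: message" as it appears in the posted alerts.
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<host>\S+) .*?sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"

# The five sshd message forms present in the posted alerts, each mapped to an event kind.
MSG_RES = [
    ("failed_password", re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) from " + IP)),
    ("invalid_user", re.compile(r"^Invalid user (?P<user>\S+) from " + IP)),
    ("denied_user", re.compile(r"^User (?P<user>\S+) from " + IP + r" not allowed")),
    ("pam_failure", re.compile(r"^pam_unix\(sshd:auth\): authentication failure;.*\brhost=" + IP
                               + r"(?: user=(?P<user>\S+))?")),
    ("reverse_lookup", re.compile(r"^reverse mapping checking getaddrinfo for \S+ \[" + IP + r"\] failed")),
]


def parse_line(line):
    """Return {"ts", "ip", "user", "kind"} for a recognised sshd failure line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    for kind, rx in MSG_RES:
        mm = rx.match(m.group("msg"))
        if mm:
            stamp = f"{LOG_YEAR} {m.group('mon')} {m.group('day')} {m.group('time')}"
            ts = datetime.strptime(stamp, "%Y %b %d %H:%M:%S")
            return {"ts": ts, "ip": mm.group("ip"), "user": mm.groupdict().get("user"), "kind": kind}
    return None  # e.g. "Accepted publickey ..." is not a failure and is ignored


def find_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag source IPs with at least `threshold` failure events inside any `window`.

    This is the idea behind OSSEC rules 5551/5712 in the alerts: frequency of
    failures per host, not any single line, is what makes a brute-force alert.
    """
    by_ip = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            by_ip[ev["ip"]].append(ev)
    hits = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until events[start..end] fit inside `window`.
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits[ip] = {
                    "count": len(events),
                    "kinds": sorted({e["kind"] for e in events}),
                    "users": sorted({e["user"] for e in events if e["user"]}),
                }
                break
    return hits


# Sample input: lines copied from the posted alerts, plus two constructed benign lines (192.0.2.10).
SAMPLE_LINES = [
    "May 31 23:28:39 vXXXXXX ... sshd[9987]: Failed password for invalid user alias from 74.95.79.97 port 45351 ssh2",
    "May 31 23:28:37 vXXXXXX ... sshd[9987]: Invalid user alias from 74.95.79.97",
    "May 31 23:28:36 vXXXXXX ... sshd[9955]: Failed password for invalid user recruit from 74.95.79.97 port 45248 ssh2",
    "May 31 23:28:34 vXXXXXX ... sshd[9955]: Invalid user recruit from 74.95.79.97",
    "May 31 23:28:33 vXXXXXX ... sshd[9918]: Failed password for invalid user sales from 74.95.79.97 port 45141 ssh2",
    "May 31 23:28:31 vXXXXXX ... sshd[9918]: Invalid user sales from 74.95.79.97",
    "May 31 23:28:30 vXXXXXX ... sshd[9884]: Failed password for invalid user staff from 74.95.79.97 port 45036 ssh2",
    "May 31 21:53:16 vXXXXXX ... sshd[18378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.78.77.25 user=root",
    "May 31 21:53:11 vXXXXXX ... sshd[18348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.78.77.25 user=root",
    "May 31 21:53:06 vXXXXXX ... sshd[18222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.78.77.25 user=root",
    "May 31 21:53:02 vXXXXXX ... sshd[17923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.78.77.25 user=root",
    "May 31 21:52:57 vXXXXXX ... sshd[17885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.78.77.25 user=root",
    "Jun 1 07:13:42 vXXXXXX ... sshd[18694]: reverse mapping checking getaddrinfo for y103.net141.okay.pl [85.28.141.103] failed - POSSIBLE BREAK-IN ATTEMPT!",
    "Jun 1 07:13:39 vXXXXXX ... sshd[18650]: reverse mapping checking getaddrinfo for y103.net141.okay.pl [85.28.141.103] failed - POSSIBLE BREAK-IN ATTEMPT!",
    "Jun 1 07:13:47 vXXXXXX ... sshd[18801]: User root from 85.28.141.103 not allowed because none of user's groups are listed in AllowGroups",
    "Jun 1 07:13:44 vXXXXXX ... sshd[18750]: User root from 85.28.141.103 not allowed because none of user's groups are listed in AllowGroups",
    "Jun 1 07:13:42 vXXXXXX ... sshd[18694]: User root from 85.28.141.103 not allowed because none of user's groups are listed in AllowGroups",
    "May 31 12:00:01 vXXXXXX ... sshd[100]: Failed password for alice from 192.0.2.10 port 50000 ssh2",
    "May 31 12:00:02 vXXXXXX ... sshd[101]: Accepted publickey for alice from 192.0.2.10 port 50001 ssh2",
]

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_LINES).items():
        print(ip, info)
```

Run as-is it flags 74.95.79.97, 61.78.77.25 and 85.28.141.103 and leaves the single typo-style failure from 192.0.2.10 alone; the two-pointer window keeps the check linear in the number of events per host, so it also works when fed a whole day of auth.log.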